4
New "whitelist" column, IDS
Idea shared by Brian Ellwood - 6/18/2015 at 8:33 AM
Proposed
A new employee was setting up their Outlook and had their password wrong, and as a result of repeated attempts the entire office was blocked by IDS.
 
I don't want to whitelist my office's IP in the traditional sense to bypass relay restrictions, etc. I just want it to be bypassed for IDS rules (or for specific rules).
 
Maybe there's a better way?
 
 

2 Replies

0
Employee Replied
Employee Post
Brian, whitelisting your office IP is really the only way to prevent the brute force rule enforcement.  Is there a reason you don't want to whitelist your office IP?  Also, what settings for the brute force detection rule are you currently using?
 
One improvement we could possibly implement in SM is to keep a list of attempted passwords and increment a counter of each unique password.  Most mail clients and their users would likely use the same password repeatedly instead of radically changing up the password attempts like "real" brute force attackers.  After XX many unique failed attempts (or YY many attempts with the same password?), the user's IP would be blocked.
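A sketch of the unique-password counting idea from the reply above, as an added example that is not part of the original thread and is not SmarterMail code. The class and function names, the threshold values standing in for "XX" and "YY", the time window and the sample attempts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import Counter

class FailedLoginTracker:
    """Per-IP failed-login tracker that blocks on distinct passwords, not raw attempts."""

    def __init__(self, max_unique=5, max_same=50, window=600):
        self.max_unique = max_unique   # the "XX" threshold (value assumed)
        self.max_same = max_same       # the "YY" threshold (value assumed)
        self.window = window           # seconds a failure stays counted (assumed)
        self._key = os.urandom(32)     # per-process key, never written to disk
        self._fails = {}               # ip -> [(timestamp, password digest)]

    def _digest(self, ip, password):
        # Keyed hash so attempted passwords are never held in cleartext: a
        # mistyped real password is nearly as sensitive as the real one.
        msg = ip.encode() + b"\0" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def record_failure(self, ip, password, now=None):
        """Record one failed login; return True if the IP should now be blocked."""
        now = time.time() if now is None else now
        recent = [(t, d) for t, d in self._fails.get(ip, []) if now - t < self.window]
        recent.append((now, self._digest(ip, password)))
        self._fails[ip] = recent
        counts = Counter(d for _, d in recent)
        return len(counts) >= self.max_unique or max(counts.values()) >= self.max_same

def first_blocked_attempt(tracker, ip, passwords, start=0.0):
    """Feed attempts one second apart; return the 1-based attempt that blocks, or None."""
    for i, pw in enumerate(passwords):
        if tracker.record_failure(ip, pw, now=start + i):
            return i + 1
    return None

# Constructed sample data: a mail client retrying one wrong password vs. guessing.
OUTLOOK_RETRIES = ["Sumer2015!"] * 30
GUESSING = ["123456", "password", "letmein", "qwerty", "welcome1", "admin"]

if __name__ == "__main__":
    print(first_blocked_attempt(FailedLoginTracker(), "203.0.113.10", OUTLOOK_RETRIES))
    print(first_blocked_attempt(FailedLoginTracker(), "198.51.100.7", GUESSING))
```

Because an office behind NAT shares one address, several users' distinct typos still accumulate toward the unique-password threshold for that IP.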
0
The main reason is security:

"Whitelisted IP addresses are not subject to relay restrictions"

Who knows what rogue craziness may occur on an employee's PC so whitelisting doesn't seem like the real solution.

I don't recall which rule was triggered (gah should have noted it) but it was of type SMTP.

I guess I just want to ignore Abuse Detection for my office but still have the other protections enabled.

I figured having that extra column in whitelisting would allow me to do just that?
